Crypto wallets allow for the storage and transfer of cryptocurrencies, such as Ethereum (ERC-20), Solana (SOL-20), or any other token. They function similar to an online banking account or exist on a small hardware device that is used to send and receive transactions. For example: ERC-20 tokens are on the Ethereum blockchain, and are only stored on Ethereum wallets.
Cold/Hardware Wallets vs Hot/Software Wallets
Cold Wallet = Hardware & Paper Wallets
Key storage is offline with no internet connectivity requirement. These wallets can be viewed as vaults for storing tokens. Cold/hardware wallets store private keys digitally on an offline device, separate from a laptop or smartphone, making them less susceptible to cyberattack, or physically on a secure medium. Hardware wallets can be used to sign transactions online or in computer applications, without the need to share the wallet's private keys.
Hot Wallet = Software Wallet
These wallets are connected to the internet and thus are less secure than cold wallets. Hot/software wallets include wallets on smartphones, web browsers, and desktops. While they are more user friendly and allow for faster transactions, they are almost always linked to the internet, leaving them open for malware infections, viruses, and other cyberattacks.
A crypto wallet is defined externally by its public key or wallet address, which functions like a bank account number and is shared with a counterparty when the wallet owner wishes to receive a payment. It is usually a long string of cryptographically generated letters and numbers.
A crypto wallet's private keys give the wallet owner the ability to make transactions using the wallet. They work similarly to a banking account password or PIN numbers. However, due to the nature of cryptocurrency, private keys can be used to instantly generate a crypto wallet anywhere! For this reason, it is crucial that under no circumstance is your private key shared externally, or under best practice even manually typed on a live computer. Anyone with your private key will be able to generate your wallet in any application or crypto platform and will be in control of your assets. Private keys are usually a long string of randomly generated words, generally consisting of 6 to 24 words.
Custodial vs Non-Custodial Wallets
People who are unfamiliar with crypto or who wish to have insurance on their crypto might prefer to use a custodial wallet, in which a third-party custodian holds the private keys for users. The custodian holds the cryptocurrency for the user and is in charge of the asset's safety. There is usually a charge for this service. Selecting a trustworthy custodial service is very important.
In non-custodial wallets, the user holds all the private keys and is responsible for their own security. For additional safety measures, users should consider diversifying where they store their cryptocurrencies, such as using multiple wallets.
Protecting Crypto Wallets and Cyberattacks
A cyberattack is a malicious attempt launched from one or more devices to disable, disrupt, or steal data from another device. Different methods are deployed by cybercriminals in these attacks. Common ways criminals gain access to crypto wallets are through malware and phishing. These attacks are more common among insecure devices and networks.
Malware software such as keyloggers are designed to track all login information with the goal of sending this information back to the hackers. This can be particularly damaging if wallet owners enter their private keys on compromised computers. The most common way malware is installed on a device is through insecure networks and websites. Only access your wallet through a secure and trusted device on a secure network. Unsafe devices include public computers, devices with no security software, and a friend's or a family member's computer.
Phishing attacks bait victims to click on a link, reply to an email, or download files, often by sending emails from email addresses that may seem familiar to victims. A common form of phishing attack in the crypto space requires the user to re-enter or enter their private keys on official looking websites or forms. Under no circumstance should your private keys be entered at any point under such circumstances. If you are in doubt, always consult a professional before sharing your private keys with anyone and especially on a computer with internet access.
Best Hardware Practices
Recommended Setup
Best hardware to use: Lenovo laptops with Ubuntu Linux installed in combination with a cold wallet.
Do not use Windows and Macs to store and transact significant amounts of crypto, especially if using hot wallets. The use of a hardware wallet can mitigate some risk for Windows and Mac users; however, hardware wallets will still work best when used with a cleanly installed Lenovo laptop running Ubuntu Linux.
All information provided in this document is for informational purposes only and is a suggested starting point for crypto management best practices. To ensure the security of your cryptocurrency transactions, wallets, and storage, please consult a professional.
Crypto is not protected by the DTCC, Depository Trust & Clearing Corporation, or the FDIC, Federal Deposit Insurance Corporation.